GetSecurityDescriptor method of the Win32_Service class (Remote Desktop Services)

The GetSecurityDescriptor method returns the security descriptor that controls access to the service. The descriptor is returned as an instance of Win32_SecurityDescriptor.

Syntax

uint32 GetSecurityDescriptor(
  [out] Win32_SecurityDescriptor Descriptor
);

Parameters

Descriptor [out]

The security descriptor associated with the service.

Return value

Returns one of the values listed in the following list, or a different value to indicate an error. For additional error codes, see WMI Error Constants or WbemErrorEnum. For general HRESULT values, see System Error Codes.

0

The request was accepted.

1

The request is not supported.

2

The user did not have the necessary access.

3

The service cannot be stopped because other services that are running are dependent on it.

4

The requested control code is not valid, or it is unacceptable to the service.

5

The requested control code cannot be sent to the service because the state of the service (Win32_BaseService.State property) is equal to 0, 1, or 2.

6

The service has not been started.

7

The service did not respond to the start request in a timely fashion.

8

Unknown failure when starting the service.

9

The directory path to the service executable file was not found.

10

The service is already running.

11

The database to add a new service is locked.

12

A dependency this service relies on has been removed from the system.

13

The service failed to find the service needed from a dependent service.

14

The service has been disabled from the system.

15

The service does not have the correct authentication to run on the system.

16

This service is being removed from the system.

17

The service has no execution thread.

18

The service has circular dependencies when it starts.

19

A service is running under the same name.

20

The service name has invalid characters.

21

Invalid parameters have been passed to the service.

22

The account under which this service runs is either invalid or lacks the permissions to run the service.

23

The service exists in the database of services available from the system.

24

The service is currently paused in the system.

Remarks

The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.

If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.

Examples

When retrieving a security descriptor in VBScript, be sure to "Security" and run as Admin, as shown in the following code snippet. Otherwise, your code may throw a permissions error.

Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")

Similarly, in VB.NET, be sure to set "EnablePrivileges = True" and run the Application as Admin.

Scope = New ManagementScope([String].Format("\\{0}\root\CIMV2", ComputerName), Nothing)
Scope.Options.EnablePrivileges = True

Requirements

Requirement Value
Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Namespace
Root\CIMv2\TerminalServices
MOF
TSCfgWmi.mof
DLL
TSCfgWmi.dll

See also

Win32_Service

Win32_TerminalService

Privilege Constants

WMI Security Descriptor Objects

Changing Access Security on Securable Objects

User Account Control and WMI